The present invention relates to a control system for providing interactive information services, such as video, audio, library, interactive games, and the like over a digital network. Particular video applications include xe2x80x9cmovie on demand,xe2x80x9d on-line data retrieval, and home shopping. More particularly, the invention relates to a control system for providing secure transmission of these information services between a service provider and a customer""s set top unit over a digital network.
Recent advances in digital signal processing techniques and, in particular, advancements in digital compression techniques, have led to an abundance of proposals for providing new digital services to the customer""s home via existing telephone and coaxial cable lines. For example, proposals have been made to provide hundreds of CATV channels to customers by compressing digital video, transmitting the compressed digital video over conventional coaxial CATV cables, and then decompressing the video at the customer""s set top unit. Another proposed application of this technology is a xe2x80x9cmovie on demandxe2x80x9d video system in which a customer communicates directly with a video service provider via the telephone lines or coaxial CATV cables to request a particular video program from a video library, and the requested video program is routed to the caller""s home via the telephone lines or via the coaxial CATV cables for immediate viewing.
Such an exemplary system typically has three distinct segments: (1) a service provider (SP), which provides the video, audio, interactive games and the like (collectively referred to hereinafter as xe2x80x9cprogramsxe2x80x9d) to the system; (2) a customer, who purchases the programs from the service provider; and, (3) a network operator, which provides a transmission path or connection between the SP and the customer for delivery of the programs. A layer of complexity is added to the operation and design of the system if the network operator is defined as a telephone company by the Federal Communications Commission (FCC). In such a case, the network operator is subject to regulation under the jurisdiction of the FCC. The system will then be further categorized into Level 1 services (L1) and Level 2 services (L2). Level 1 services provide the information session connection and define the portion of the system responsible for setting up and maintaining interactive communication sessions between customers and SPs. Level 1 services are provided by the network operator and are regulated by the FCC. Level 2 services, on the other hand, define the portion of the system responsible for providing the programs requested to the L1 portion of the system from the SP and for terminating the service at the customer end of the network. A provider of Level 2 services is defined by the FCC as an enhanced services provider and is not regulated by the FCC. Significantly, these FCC regulations limit the control a Level 1 services provider may have over Level 2 services.
In a Level 1/Level 2 system, which is under the jurisdiction of the FCC, the SP resides in Level 2 and the control that the SP can exercise over Level 1 services is restricted. However, in any system where a SP is delivering programs to a customer over a network, the SP has a need to prevent the unauthorized access to the programs provided to the customer. For example, a non-subscriber may attempt to illegitimately receive the programs intended for the use of paying subscribers. This protection of programs through the prevention of unauthorized access is referred to as xe2x80x9cconditional access.xe2x80x9d As used herein the terms xe2x80x9cconditional accessxe2x80x9d and xe2x80x9cconditional access layerxe2x80x9d broadly refer to the control mechanisms, data structures and commands that provide for selective access or denial of specific services. Prior art systems have provided conditional access by encrypting the programs at the SP site and decrypting the programs at the customer site.
For example, Lee et al., U.S. Pat. No. Re. 33,189, discloses a system using an encryption mechanism for providing conditional access in a satellite television system and is hereby incorporated by reference. In Lee, a program is scrambled at a SP site using a frequently changing random number. The random numbers are encrypted with a key and broadcast along with the program to customer sites. Customers who have paid receive the key, encrypted with the unique ID that is embedded in their set top unit (STU). These customers"" STUs can decrypt the key using the unique ID embedded therein. The customers"" STU can then decrypt the encrypted random numbers, as they are broadcast, and use the random numbers, along with the key, to decrypt the program. As noted above, the key in the Lee invention must be securely transmitted; otherwise, an unauthorized user could get access to the key and gain access to the broadcast programs. Lee protects the key by using the unique ID of the STU to encrypt it. Such a technique works fine in a broadcast environment where there is a single broadcaster to multiple users. In that environment, the broadcaster can take adequate measures to protect the list of valid customer STU IDs. However, in a telephone architecture regulated by the FCC, as described above, multiple service providers (i.e., broadcasters) must have access to the multiple users. In such an environment, the list of unique STU IDs is vulnerable to discovery by unauthorized parties, and the security of the system may be breached. Additionally the Lee system is appropriate for a broadcast environment in which the SPs have the only reasonable means to address the STUs. Therefore, the system is not susceptible to compromise by unauthorized users addressing the STUs. However, in a digital network environment where STUs are uniquely addressable, and multiple SPs have access to multiple STUs, an unauthorized user could put information on the network addressed to individual STUs and thereby compromise the system. Applicants have recognized that a conditional access system in a digital network environment must have a mechanism that allows the STU to authenticate the identity of the SP. Thus, applicants have recognized that an improved encryption technique is needed.
Moreover, while encryption has provided conditional access, the problem of where to perform the conditional access in an FCC regulated system remains unresolved. Applicants have recognized that a solution that performs the conditional access within the L1 portion of the system is unnecessarily complicated by FCC regulation.
Applicants have recognized that conditional access should be performed while a program is still in control of the Level 2 service provider, i.e., before it is delivered to the L1 portion of the system. Access to the program and vital conditional access information can be closely controlled by a service provider. Unfortunately, the file server equipment currently available to service providers does not provide the necessary functionality to perform conditional access before a program is output from the file server. As a result, there is a need for method and apparatus to provide conditional access to a program after it exits a file server, but before it enters the L1 portion of the system.
The problem is complicated further when considered in the context of a typical digital network environment. In such an environment it is expected that the SPs will store programs on file servers in the form of Moving Picture Expert Group (MPEG-2) Systems transport packets, as defined in MPEG-2 Systems International Standards Reference (ISO/IEC JTC1/SC29/WG11 N0801, November 1994, ISO Reference No. 13818-1), which is hereby incorporated by reference. Importantly, although the MPEG-2 Systems International Standards Reference does not standardize on a particular method of conditional access, it does contemplate the addition of conditional access to the MPEG-2 transport packets. Thus, to conform to the MPEG-2 standard, it is necessary that conditional access be added to programs at the MPEG-2 transport packet layer rather than at a higher network protocol layer. However, when a program leaves a service provider""s file server, it will not be in a convenient format for applying conditional access. Rather, the program, in the form of MPEG-2 transport packets, will leave the file server enveloped in a first network protocol. Additionally, in some applications, the packets may then need to be re-mapped into a second network protocol to conform to the network protocol provided by the network operator. Thus, in this context there is a need for method and apparatus for removing the MPEG-2 transport packets of a particular program from a first network protocol, providing conditional access to the MPEG-2 transport packets, and then mapping the MPEG-2 transport packets back into the first network protocol or into a second network protocol.
The present invention meets the needs discussed above by providing method and apparatus between the SPs and the Level 1 services provider that accepts programs destined for an STU in the form of MPEG-2 transport packets enveloped in one of a plurality of network protocols. According to the present invention, the packets are removed from a first network protocol. Conditional access layers are applied to the packets. After applying the conditional access layers, the packets are encapsulated and output in a second network protocol destined for the STU.
According to an aspect of the present invention a method of providing conditional access to a selected program is provided. Packets representing a program requested by a customer having an STU are selected. Those program bearing packets are encrypted according to a first encryption algorithm using a first key. The first key used to encrypt the program is, in turn, encrypted according to a second encryption algorithm using a second key. The first keys are transported in packets to the customer""s STU along with the program packets. The second key is, in turn, encrypted using a public-key cryptographic technique such that the public key used in the encryption corresponds to the private key of the customer""s STU. The encrypted second key is then transported via packets to the STU along with the program and first key packets.
According to another aspect of the present invention, the apparatus provides means for receiving program bearing packets in a first network protocol from a first data link and removing the packets from the first network protocol. The apparatus selects all packets comprising a particular program requested by a customer. Conditional access is then applied to the requested program at the packet layer in accordance with the method described above. The apparatus then encapsulates all packets in a second network protocol and outputs them over a second data link for delivery to the customer""s STU.
According to a further aspect of the present invention, a method and apparatus are provided for generating a message authentication code comprised of a hash of the first key and the second key, such that the STU can determine if the packets bearing the first key has been tampered with during transmission. An additional method and apparatus are provided for applying a digital signature to the encrypted second key, such that the authorized customer can determine the identity of the provider of the encrypted second key, thereby preventing unauthorized users from addressing STUs.